i m using moodle framework and passwordsaltman encryption please help me out how to decrypt it any script or any way how?????
how to decrypt the moodle password
Number of replies: 9Re: how to decrypt the moodle password
It is normal practice to "encrypt" passwords by sending them through a http://en.wikipedia.org/wiki/Cryptographic_hash_function. In the case of Moodle the function is http://en.wikipedia.org/wiki/MD5. See function hash_internal_user_password($password) in lib/moodlelib.php.
An important property of such functions is that they are irreversible ("it is infeasible to generate a message that has a given hash").
An important property of such functions is that they are irreversible ("it is infeasible to generate a message that has a given hash").
Re: how to decrypt the moodle password
...even if it was possible, do you think it would be a good idea to have a Forum post here explaining how to do it !?!? lol
Re: how to decrypt the moodle password
If Moodle uses a reversible algorithm and keeps it secret, how long would it take to a cracker to find the answer?
The fundamental question is, how Open Source Software can hide such information?
The fundamental question is, how Open Source Software can hide such information?
Re: how to decrypt the moodle password
Moodle does not encrypt passwords. It hashes them using a one-way hash function.
This is common practice, in irreversible by design.
Re: how to decrypt the moodle password
Hi Tim Hunt,
I
need some help regarding the same. I want to add a column in mdl_user
in which original password of user in stored (Not hashed). Is there a
way to achieve this? In which file moodle does its insert query for the
password?
Re: how to decrypt the moodle password
Here is the right way to do this:
Don't
Re: how to decrypt the moodle password
Hi Tim,
I know it is not at all a good practice. But i have got a task from my employer that the admin should be able to login to any user's account. Please help me what should i do?
Re: how to decrypt the moodle password
Moodle admin can login into any user account without knowing the password using the "login as" feature. No need to change anything in Moodle or reveal passwords.
Re: how to decrypt the moodle password
I have no idea if this is a serious question or some trolling. Either way, I think it's important to understand why password salts exist.
The original design was to simply 'md5' the password. The problem with that is that if you use a common word for a password and someone gets hold of the hashed password it is trivial to reverse. This is no big secret, there are sites that have database of common (and not so common) md5 hashes and can easily decode them.
However, if you use a lengthy and reasonably random salt this all but makes this impossible. It's still theoretically possible to crack passwords if you know the salt and the method used (easy enough with Moodle) but it would still only work for 'dictionary' words.
So... use a good salt, leave the password restriction settings turned up and keep your salt secret. In which case, it's near enough to impossible to decode the passwords.
However, to answer the original question as posed, no you cannot. That's the idea!
The original design was to simply 'md5' the password. The problem with that is that if you use a common word for a password and someone gets hold of the hashed password it is trivial to reverse. This is no big secret, there are sites that have database of common (and not so common) md5 hashes and can easily decode them.
However, if you use a lengthy and reasonably random salt this all but makes this impossible. It's still theoretically possible to crack passwords if you know the salt and the method used (easy enough with Moodle) but it would still only work for 'dictionary' words.
So... use a good salt, leave the password restriction settings turned up and keep your salt secret. In which case, it's near enough to impossible to decode the passwords.
However, to answer the original question as posed, no you cannot. That's the idea!